Red Hat Security Advisory: Red Hat Advanced Cluster Management for Kubernetes v2.15.2 security update

CVE-2025-13465 — lodash: prototype pollution in _.unset and _.omit functions CVE-2025-58183 — golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-61726 — golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2026-4645 — github.com/antchfx/xpath: xpath: Denial of Service via crafted Boolean XPath expressions CVE-2026-22029 — @remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects CVE-2026-25639 — axios: Axios affected by Denial of Service via proto Key in mergeConfig CVE-2026-29063 — immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution CVE-2026-32285 — github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input CVE-2026-33186 — google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation CVE-2026-33487 — github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue CVE-2026-40175 — axios: Axios: Remote Code Execution via Prototype Pollution escalation